[Summary view] [Print] [Text view]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Allows you to edit a users profile
  19   *
  20   * @copyright 1999 Martin Dougiamas  http://dougiamas.com
  21   * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  22   * @package core_user
  23   */
  24  
  25  require_once('../config.php');
  26  require_once($CFG->libdir.'/gdlib.php');
  27  require_once($CFG->libdir.'/adminlib.php');
  28  require_once($CFG->dirroot.'/user/editadvanced_form.php');
  29  require_once($CFG->dirroot.'/user/editlib.php');
  30  require_once($CFG->dirroot.'/user/profile/lib.php');
  31  require_once($CFG->dirroot.'/user/lib.php');
  32  
  33  // HTTPS is required in this page when $CFG->loginhttps enabled.
  34  $PAGE->https_required();
  35  
  36  $id     = optional_param('id', $USER->id, PARAM_INT);    // User id; -1 if creating new user.
  37  $course = optional_param('course', SITEID, PARAM_INT);   // Course id (defaults to Site).
  38  $returnto = optional_param('returnto', null, PARAM_ALPHA);  // Code determining where to return to after save.
  39  
  40  $PAGE->set_url('/user/editadvanced.php', array('course' => $course, 'id' => $id));
  41  
  42  $course = $DB->get_record('course', array('id' => $course), '*', MUST_EXIST);
  43  
  44  if (!empty($USER->newadminuser)) {
  45      // Ignore double clicks, we must finish all operations before cancelling request.
  46      ignore_user_abort(true);
  47  
  48      $PAGE->set_course($SITE);
  49      $PAGE->set_pagelayout('maintenance');
  50  } else {
  51      if ($course->id == SITEID) {
  52          require_login();
  53          $PAGE->set_context(context_system::instance());
  54      } else {
  55          require_login($course);
  56      }
  57      $PAGE->set_pagelayout('admin');
  58  }
  59  
  60  if ($course->id == SITEID) {
  61      $coursecontext = context_system::instance();   // SYSTEM context.
  62  } else {
  63      $coursecontext = context_course::instance($course->id);   // Course context.
  64  }
  65  $systemcontext = context_system::instance();
  66  
  67  if ($id == -1) {
  68      // Creating new user.
  69      $user = new stdClass();
  70      $user->id = -1;
  71      $user->auth = 'manual';
  72      $user->confirmed = 1;
  73      $user->deleted = 0;
  74      $user->timezone = '99';
  75      require_capability('moodle/user:create', $systemcontext);
  76      admin_externalpage_setup('addnewuser', '', array('id' => -1));
  77  } else {
  78      // Editing existing user.
  79      require_capability('moodle/user:update', $systemcontext);
  80      $user = $DB->get_record('user', array('id' => $id), '*', MUST_EXIST);
  81      $PAGE->set_context(context_user::instance($user->id));
  82      $PAGE->navbar->includesettingsbase = true;
  83      if ($user->id != $USER->id) {
  84          $PAGE->navigation->extend_for_user($user);
  85      } else {
  86          if ($node = $PAGE->navigation->find('myprofile', navigation_node::TYPE_ROOTNODE)) {
  87              $node->force_open();
  88          }
  89      }
  90  }
  91  
  92  // Remote users cannot be edited.
  93  if ($user->id != -1 and is_mnet_remote_user($user)) {
  94      redirect($CFG->wwwroot . "/user/view.php?id=$id&course={$course->id}");
  95  }
  96  
  97  if ($user->id != $USER->id and is_siteadmin($user) and !is_siteadmin($USER)) {  // Only admins may edit other admins.
  98      print_error('useradmineditadmin');
  99  }
 100  
 101  if (isguestuser($user->id)) { // The real guest user can not be edited.
 102      print_error('guestnoeditprofileother');
 103  }
 104  
 105  if ($user->deleted) {
 106      echo $OUTPUT->header();
 107      echo $OUTPUT->heading(get_string('userdeleted'));
 108      echo $OUTPUT->footer();
 109      die;
 110  }
 111  
 112  // Load user preferences.
 113  useredit_load_preferences($user);
 114  
 115  // Load custom profile fields data.
 116  profile_load_data($user);
 117  
 118  // User interests.
 119  $user->interests = core_tag_tag::get_item_tags_array('core', 'user', $id);
 120  
 121  if ($user->id !== -1) {
 122      $usercontext = context_user::instance($user->id);
 123      $editoroptions = array(
 124          'maxfiles'   => EDITOR_UNLIMITED_FILES,
 125          'maxbytes'   => $CFG->maxbytes,
 126          'trusttext'  => false,
 127          'forcehttps' => false,
 128          'context'    => $usercontext
 129      );
 130  
 131      $user = file_prepare_standard_editor($user, 'description', $editoroptions, $usercontext, 'user', 'profile', 0);
 132  } else {
 133      $usercontext = null;
 134      // This is a new user, we don't want to add files here.
 135      $editoroptions = array(
 136          'maxfiles' => 0,
 137          'maxbytes' => 0,
 138          'trusttext' => false,
 139          'forcehttps' => false,
 140          'context' => $coursecontext
 141      );
 142  }
 143  
 144  // Prepare filemanager draft area.
 145  $draftitemid = 0;
 146  $filemanagercontext = $editoroptions['context'];
 147  $filemanageroptions = array('maxbytes'       => $CFG->maxbytes,
 148                               'subdirs'        => 0,
 149                               'maxfiles'       => 1,
 150                               'accepted_types' => 'web_image');
 151  file_prepare_draft_area($draftitemid, $filemanagercontext->id, 'user', 'newicon', 0, $filemanageroptions);
 152  $user->imagefile = $draftitemid;
 153  // Create form.
 154  $userform = new user_editadvanced_form(new moodle_url($PAGE->url, array('returnto' => $returnto)), array(
 155      'editoroptions' => $editoroptions,
 156      'filemanageroptions' => $filemanageroptions,
 157      'user' => $user));
 158  
 159  if ($usernew = $userform->get_data()) {
 160      $usercreated = false;
 161  
 162      if (empty($usernew->auth)) {
 163          // User editing self.
 164          $authplugin = get_auth_plugin($user->auth);
 165          unset($usernew->auth); // Can not change/remove.
 166      } else {
 167          $authplugin = get_auth_plugin($usernew->auth);
 168      }
 169  
 170      $usernew->timemodified = time();
 171      $createpassword = false;
 172  
 173      if ($usernew->id == -1) {
 174          unset($usernew->id);
 175          $createpassword = !empty($usernew->createpassword);
 176          unset($usernew->createpassword);
 177          $usernew = file_postupdate_standard_editor($usernew, 'description', $editoroptions, null, 'user', 'profile', null);
 178          $usernew->mnethostid = $CFG->mnet_localhost_id; // Always local user.
 179          $usernew->confirmed  = 1;
 180          $usernew->timecreated = time();
 181          if ($authplugin->is_internal()) {
 182              if ($createpassword or empty($usernew->newpassword)) {
 183                  $usernew->password = '';
 184              } else {
 185                  $usernew->password = hash_internal_user_password($usernew->newpassword);
 186              }
 187          } else {
 188              $usernew->password = AUTH_PASSWORD_NOT_CACHED;
 189          }
 190          $usernew->id = user_create_user($usernew, false, false);
 191  
 192          if (!$authplugin->is_internal() and $authplugin->can_change_password() and !empty($usernew->newpassword)) {
 193              if (!$authplugin->user_update_password($usernew, $usernew->newpassword)) {
 194                  // Do not stop here, we need to finish user creation.
 195                  debugging(get_string('cannotupdatepasswordonextauth', '', '', $usernew->auth), DEBUG_NONE);
 196              }
 197          }
 198          $usercreated = true;
 199      } else {
 200          $usernew = file_postupdate_standard_editor($usernew, 'description', $editoroptions, $usercontext, 'user', 'profile', 0);
 201          // Pass a true old $user here.
 202          if (!$authplugin->user_update($user, $usernew)) {
 203              // Auth update failed.
 204              print_error('cannotupdateuseronexauth', '', '', $user->auth);
 205          }
 206          user_update_user($usernew, false, false);
 207  
 208          // Set new password if specified.
 209          if (!empty($usernew->newpassword)) {
 210              if ($authplugin->can_change_password()) {
 211                  if (!$authplugin->user_update_password($usernew, $usernew->newpassword)) {
 212                      print_error('cannotupdatepasswordonextauth', '', '', $usernew->auth);
 213                  }
 214                  unset_user_preference('create_password', $usernew); // Prevent cron from generating the password.
 215  
 216                  if (!empty($CFG->passwordchangelogout)) {
 217                      // We can use SID of other user safely here because they are unique,
 218                      // the problem here is we do not want to logout admin here when changing own password.
 219                      \core\session\manager::kill_user_sessions($usernew->id, session_id());
 220                  }
 221              }
 222          }
 223  
 224          // Force logout if user just suspended.
 225          if (isset($usernew->suspended) and $usernew->suspended and !$user->suspended) {
 226              \core\session\manager::kill_user_sessions($user->id);
 227          }
 228      }
 229  
 230      $usercontext = context_user::instance($usernew->id);
 231  
 232      // Update preferences.
 233      useredit_update_user_preference($usernew);
 234  
 235      // Update tags.
 236      if (empty($USER->newadminuser) && isset($usernew->interests)) {
 237          useredit_update_interests($usernew, $usernew->interests);
 238      }
 239  
 240      // Update user picture.
 241      if (empty($USER->newadminuser)) {
 242          core_user::update_picture($usernew, $filemanageroptions);
 243      }
 244  
 245      // Update mail bounces.
 246      useredit_update_bounces($user, $usernew);
 247  
 248      // Update forum track preference.
 249      useredit_update_trackforums($user, $usernew);
 250  
 251      // Save custom profile fields data.
 252      profile_save_data($usernew);
 253  
 254      // Reload from db.
 255      $usernew = $DB->get_record('user', array('id' => $usernew->id));
 256  
 257      if ($createpassword) {
 258          setnew_password_and_mail($usernew);
 259          unset_user_preference('create_password', $usernew);
 260          set_user_preference('auth_forcepasswordchange', 1, $usernew);
 261      }
 262  
 263      // Trigger update/create event, after all fields are stored.
 264      if ($usercreated) {
 265          \core\event\user_created::create_from_userid($usernew->id)->trigger();
 266      } else {
 267          \core\event\user_updated::create_from_userid($usernew->id)->trigger();
 268      }
 269  
 270      if ($user->id == $USER->id) {
 271          // Override old $USER session variable.
 272          foreach ((array)$usernew as $variable => $value) {
 273              if ($variable === 'description' or $variable === 'password') {
 274                  // These are not set for security nad perf reasons.
 275                  continue;
 276              }
 277              $USER->$variable = $value;
 278          }
 279          // Preload custom fields.
 280          profile_load_custom_fields($USER);
 281  
 282          if (!empty($USER->newadminuser)) {
 283              unset($USER->newadminuser);
 284              // Apply defaults again - some of them might depend on admin user info, backup, roles, etc.
 285              admin_apply_default_settings(null, false);
 286              // Admin account is fully configured - set flag here in case the redirect does not work.
 287              unset_config('adminsetuppending');
 288              // Redirect to admin/ to continue with installation.
 289              redirect("$CFG->wwwroot/$CFG->admin/");
 290          } else if (empty($SITE->fullname)) {
 291              // Somebody double clicked when editing admin user during install.
 292              redirect("$CFG->wwwroot/$CFG->admin/");
 293          } else {
 294              if ($returnto === 'profile') {
 295                  if ($course->id != SITEID) {
 296                      $returnurl = new moodle_url('/user/view.php', array('id' => $user->id, 'course' => $course->id));
 297                  } else {
 298                      $returnurl = new moodle_url('/user/profile.php', array('id' => $user->id));
 299                  }
 300              } else {
 301                  $returnurl = new moodle_url('/user/preferences.php', array('userid' => $user->id));
 302              }
 303              redirect($returnurl);
 304          }
 305      } else {
 306          \core\session\manager::gc(); // Remove stale sessions.
 307          redirect("$CFG->wwwroot/$CFG->admin/user.php");
 308      }
 309      // Never reached..
 310  }
 311  
 312  // Make sure we really are on the https page when https login required.
 313  $PAGE->verify_https_required();
 314  
 315  
 316  // Display page header.
 317  if ($user->id == -1 or ($user->id != $USER->id)) {
 318      if ($user->id == -1) {
 319          echo $OUTPUT->header();
 320      } else {
 321          $streditmyprofile = get_string('editmyprofile');
 322          $userfullname = fullname($user, true);
 323          $PAGE->set_heading($userfullname);
 324          $PAGE->set_title("$course->shortname: $streditmyprofile - $userfullname");
 325          echo $OUTPUT->header();
 326          echo $OUTPUT->heading($userfullname);
 327      }
 328  } else if (!empty($USER->newadminuser)) {
 329      $strinstallation = get_string('installation', 'install');
 330      $strprimaryadminsetup = get_string('primaryadminsetup');
 331  
 332      $PAGE->navbar->add($strprimaryadminsetup);
 333      $PAGE->set_title($strinstallation);
 334      $PAGE->set_heading($strinstallation);
 335      $PAGE->set_cacheable(false);
 336  
 337      echo $OUTPUT->header();
 338      echo $OUTPUT->box(get_string('configintroadmin', 'admin'), 'generalbox boxwidthnormal boxaligncenter');
 339      echo '<br />';
 340  } else {
 341      $streditmyprofile = get_string('editmyprofile');
 342      $strparticipants  = get_string('participants');
 343      $strnewuser       = get_string('newuser');
 344      $userfullname     = fullname($user, true);
 345  
 346      $PAGE->set_title("$course->shortname: $streditmyprofile");
 347      $PAGE->set_heading($userfullname);
 348  
 349      echo $OUTPUT->header();
 350      echo $OUTPUT->heading($streditmyprofile);
 351  }
 352  
 353  // Finally display THE form.
 354  $userform->display();
 355  
 356  // And proper footer.
 357  echo $OUTPUT->footer();
 358